By Todd A. Rodriguez, Esq.
It has been almost seven years since the Office of Inspector General (OIG) of the Department of Health and Human Services issued its Compliance Program Guidance for Individual and Small Group Physician Practices. For most of those seven years, fraud and abuse enforcement has been, and continues to be, a top priority for federal enforcement authorities. In addition, all indications are that state enforcement authorities, particularly in the context of state Medical Assistance programs, will be stepping up their enforcement efforts. In fact, if there is anything that the last seven years has taught the health care industry, it is that fraud and abuse enforcement and, in turn, compliance planning efforts are a fact of life. Accordingly, it is more important now than it has ever been for physicians to understand the principles of compliance and implement a working fraud and abuse compliance program within their practices. Surprisingly, however, many physicians, particularly those in solo or smaller group practices, do not have an active compliance program in their practices or even a firm understanding of the fundamentals of compliance planning.
When asked why they do not have a compliance program, many physicians will say that they simply do not have the time or the resources to devote to what they perceive to be a very complex and daunting undertaking. Hiring a compliance officer, developing comprehensive policies and procedures and regularly undergoing expensive outside audits is simply too big of a pill for many physicians to swallow in the face of shrinking reimbursements and rising overhead costs. In reality, however, developing a basic –but effective – compliance program need not be overwhelming or overly expensive.
Many physicians are under the mistaken impression that for a compliance program to work effectively and be meaningful to enforcement authorities, it must necessarily be comprehensive, addressing everything from employee screening to maintaining an anonymous telephone hotline for employees to make compliance-related reports. The truth is, however, that while a comprehensive compliance program is the ideal, doing something (where those efforts are genuine) is better than doing nothing. Moreover, the OIG does not mandate how a compliance program must be developed or implemented, or even that a compliance program be comprehensive. To the contrary, in its guidance for physicians and small groups, the OIG expressly acknowledged that given the financial and staffing resource constraints faced by physician practices, the OIG does not expect physicians to necessarily implement all components of a full scale compliance program. The OIG further recommends that physicians develop their compliance programs through a “step by step” approach rather than all at once.
The keys to developing an effective and affordable basic compliance program are to: (1) put someone in charge of the process, (2) identify risk areas specific to the practice in question, (3) develop policies and procedures designed to address those risk areas, and (4) train employees about compliance in general and the practice’s compliance program in particular. Here are some recommended steps for starting (or restarting) a physician practice compliance program without breaking the bank:
Put someone in charge. In order for any compliance program to gain traction, whether in a large, multi-facility hospital system or the smallest physician practice, someone must be charged with responsibility to develop and oversee implementation of the compliance activities. Of course, where resources are not an issue, this “compliance officer” will be an individual whose sole responsibility is oversight of the compliance functions. Obviously, however, smaller physician practices will simply not have the resources to hire a full-time compliance officer; fortunately, however, they also do not need such a person. Rather, the compliance oversight functions can be performed on a part-time basis by an existing employee. Typically that employee should be someone who has an understanding of the billing process, an interest in learning more about compliance, and the time to devote to these activities. In many cases this will be a practice physician but may also be the practice administrator or even a bookkeeper.
Set the course. In order to develop a compliance program that fits the practice, the practice must first identify its own risk areas. One area of concern for most physician practices is billing and coding and documentation. The specific billing and coding issues that should be reviewed will vary from practice to practice. For example, for most primary care practices, evaluation and management (E/M) services will present the greatest risk from a billing, coding and documentation standpoint. Surgical practices, on the other hand, will likely want to look at procedure coding and modifier usage, in addition to E/M services.
To get a handle on how well the physicians and the practice understand coding and documentation requirements, it is generally advisable to begin with a baseline audit. Typically this should involve a review of a sufficient number of services (e.g., visits, procedures) for each physician in the practice to ascertain whether there are patterns which demonstrate a lack of understanding. Ten charts per physician will usually be sufficient for these purposes. When performing a baseline audit, it most often makes sense to use an outside consultant (engaged through an attorney to preserve the attorney/client privilege) to perform the actual audit. Audits done internally by a practice’s billing personnel are less likely to identify mistakes in the billing process since they require the auditors to identify their own mistakes.
Once the baseline audit is complete, the practice should use the results to identify areas where training on documentation and coding guidelines is warranted. Physicians and billing personnel should undergo that training (for consistency purposes, this is typically best done by the same consultant that performed the auditing), followed by a subsequent audit of a sampling of the same services in six months or so to ascertain whether the training was effective. This type of auditing should be done at least annually, but need not be an overly expensive undertaking. Many consultants charge a nominal “per chart” fee (e.g., $25 to $50 per chart) for auditing and will provide follow up training at a reasonable hourly rate.
In addition to performing a baseline audit, the practice should try to identify other areas of possible legal exposure. One helpful resource for identifying risk areas is the OIG’s annual Work Plan which identifies the OIG’s planned activities for the coming fiscal year. For example, the Fiscal Year 2008 Work Plan identifies, among other things, physician compliance with the Medicare “incident-to” billing rules, compliance with the assignment and reassignment rules and evaluation and management services during global surgery periods as issues the OIG will review in 2008. Practices that regularly engage in any of the activities identified in the Work Plan may wish to add a review of these activities to their baseline compliance analysis.
Put it in writing. The next step in the compliance planning process is to develop policies and procedures within the practice to ensure ongoing compliance. Policies and procedures should address areas of concern raised in the baseline audit and risk area analysis as well as other routine policies and procedures related to the billing and coding process. Many practices will find that developing these policies and procedures is largely a matter of committing to writing office policies and procedures that have existed within their practices for years but which were never written down.
Get the word out. A final, very important step in the compliance planning process is to make sure that practice personnel are appropriately trained on risk areas, key compliance concepts and the practice’s specific compliance policies and procedures. Many training resources are available for free on the Internet (including resources available through the Centers for Medicare and Medicaid Services). It is generally advisable to have some form of compliance training on an annual basis for all employees and mandatory training for new employees within a reasonable period of time (e.g., 30 days) of their commencing employment. Finally, the practice should keep written records of employee attendance at training sessions.
Undertaking the above steps will enable practices to develop the fundamentals of a working compliance program without spending an exorbitant amount of money. Even a basic compliance program will help to identify and remedy areas of concern and will serve to demonstrate to enforcement authorities that the practice takes compliance seriously. And, while the compliance program may not add to a practice’s bottom line, if done properly it should enable physicians to keep (rather than refund) the hard-earned dollars they receive for their services.
Todd A. Rodriguez, Esq., is a health care attorney in the Chester County, Pennsylvania office of Fox Rothschild LLP.